Compare commits
7 Commits
ec00e3a8b5
...
7f6985e5c9
Author | SHA1 | Date | |
---|---|---|---|
|
7f6985e5c9 | ||
|
dd674ebcd9 | ||
9c1e96db8d | |||
2be914b485 | |||
a4bf68bd34 | |||
e2f58fd25c | |||
e515212708 |
@ -3,6 +3,8 @@
|
||||
{
|
||||
imports = [
|
||||
../../modules
|
||||
|
||||
./web.nix
|
||||
];
|
||||
|
||||
networking.domain = "net.clerie.de";
|
||||
@ -26,6 +28,8 @@
|
||||
nix.settings = {
|
||||
trusted-users = [ "@wheel" "@guests" ];
|
||||
auto-optimise-store = true;
|
||||
# Keep buildtime dependencies
|
||||
keep-outputs = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
@ -62,54 +66,13 @@
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enableReload = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
commonHttpConfig = ''
|
||||
server_names_hash_bucket_size 64;
|
||||
map $remote_addr $remote_addr_anon {
|
||||
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
||||
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
|
||||
default ::;
|
||||
}
|
||||
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log vcombined_anon;
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"default" = {
|
||||
default = true;
|
||||
rejectSSL = true;
|
||||
locations."/" = {
|
||||
return = ''200 "Some piece of infrastructure\n"'';
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
services.logrotate.settings.nginx = {
|
||||
frequency = "daily";
|
||||
maxage = 14;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
defaults.email = "letsencrypt@clerie.de";
|
||||
acceptTerms = true;
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
experimental-features = [
|
||||
"flakes"
|
||||
"nix-command"
|
||||
"repl-flake"
|
||||
];
|
||||
substituters = [
|
||||
"https://nix-cache.clerie.de"
|
||||
];
|
||||
|
50
configuration/common/web.nix
Normal file
50
configuration/common/web.nix
Normal file
@ -0,0 +1,50 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
services.nginx = {
|
||||
enableReload = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
commonHttpConfig = ''
|
||||
server_names_hash_bucket_size 64;
|
||||
map $remote_addr $remote_addr_anon {
|
||||
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
||||
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
|
||||
default ::;
|
||||
}
|
||||
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log vcombined_anon;
|
||||
'';
|
||||
|
||||
virtualHosts = {
|
||||
"default" = {
|
||||
default = true;
|
||||
rejectSSL = true;
|
||||
locations."/" = {
|
||||
return = ''200 "Some piece of infrastructure\n"'';
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.logrotate.settings.nginx = {
|
||||
frequency = "daily";
|
||||
maxage = 14;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
defaults.email = "letsencrypt@clerie.de";
|
||||
acceptTerms = true;
|
||||
};
|
||||
}
|
18
flake.lock
18
flake.lock
@ -215,11 +215,11 @@
|
||||
},
|
||||
"nixpkgs-krypton": {
|
||||
"locked": {
|
||||
"lastModified": 1693985761,
|
||||
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||
"lastModified": 1694183432,
|
||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -231,11 +231,11 @@
|
||||
},
|
||||
"nixpkgs-schule": {
|
||||
"locked": {
|
||||
"lastModified": 1693985761,
|
||||
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||
"lastModified": 1694183432,
|
||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -247,11 +247,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1693985761,
|
||||
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
|
||||
"lastModified": 1694183432,
|
||||
"narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
|
||||
"rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -16,6 +16,7 @@
|
||||
./legal.nix
|
||||
./meow.nix
|
||||
./milchinsel.nix
|
||||
./mitel-ommclient2.nix
|
||||
./ping.nix
|
||||
./prediger.nix
|
||||
./public.nix
|
||||
|
20
hosts/web-2/mitel-ommclient2.nix
Normal file
20
hosts/web-2/mitel-ommclient2.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ ... }: {
|
||||
services.update-from-hydra.paths.mitel-ommclient2 = {
|
||||
enable = true;
|
||||
hydraUrl = "https://hydra.clerie.de";
|
||||
hydraProject = "clerie";
|
||||
hydraJobset = "mitel_ommclient2";
|
||||
hydraJob = "packages.x86_64-linux.mitel-ommclient2";
|
||||
buildOutput = "doc";
|
||||
nixStoreUri = "https://nix-cache.clerie.de";
|
||||
resultPath = "/srv/mitel-ommclient2";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"mitel-ommclient2.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/srv/mitel-ommclient2/share/doc/mitel-ommclient2/html";
|
||||
};
|
||||
};
|
||||
}
|
@ -64,27 +64,31 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.wetter = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
RuntimeDirectory = "wetter";
|
||||
StateDirectory = "wetter";
|
||||
User = "wetter_web";
|
||||
Group = "wetter_web";
|
||||
};
|
||||
environment = {
|
||||
WETTER_SETTINGS = "${configFile}";
|
||||
};
|
||||
script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
|
||||
path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
|
||||
};
|
||||
# systemd.services.wetter = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# RuntimeDirectory = "wetter";
|
||||
# StateDirectory = "wetter";
|
||||
# User = "wetter_web";
|
||||
# Group = "wetter_web";
|
||||
# };
|
||||
# environment = {
|
||||
# WETTER_SETTINGS = "${configFile}";
|
||||
# };
|
||||
# script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
|
||||
# path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
|
||||
# };
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"wetter.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8234";
|
||||
#proxyPass = "http://[::1]:8234";
|
||||
return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"'';
|
||||
extraConfig = ''
|
||||
types { } default_type "text/plain; charset=utf-8";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -45,6 +45,14 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
buildOutput = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Build output name
|
||||
'';
|
||||
};
|
||||
|
||||
nixStoreUri = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
@ -85,7 +93,7 @@ in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
script = ''
|
||||
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
|
||||
${pkgs.update-from-hydra}/bin/update-from-hydra --hydra-url "${path.hydraUrl}" --hydra-project "${path.hydraProject}" --hydra-jobset "${path.hydraJobset}" --hydra-job "${path.hydraJob}" ${optionalString (path.buildOutput != null) "--build-output ${path.buildOutput}"} --nix-store-uri "${path.nixStoreUri}" --gcroot-name "${name}" "${path.resultPath}"
|
||||
'';
|
||||
})
|
||||
) cfg.paths);
|
||||
|
@ -2,6 +2,8 @@
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
BUILD_OUTPUT="out"
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
--hydra-url)
|
||||
@ -29,6 +31,11 @@ while [[ $# -gt 0 ]]; do
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--build-output)
|
||||
BUILD_OUTPUT="$2"
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--gcroot-name)
|
||||
GCROOT_NAME="$2"
|
||||
shift
|
||||
@ -50,13 +57,13 @@ set -- "${ARGS[@]}"
|
||||
HYDRA_JOB_URL="${HYDRA_URL}/job/${HYDRA_PROJECT}/${HYDRA_JOBSET}/${HYDRA_JOB}/latest-finished"
|
||||
RESULT_PATH="$1"
|
||||
|
||||
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB}"
|
||||
echo "Updating ${RESULT_PATH} from ${HYDRA_PROJECT}:${HYDRA_JOBSET}:${HYDRA_JOB} output ${BUILD_OUTPUT}"
|
||||
|
||||
echo "Make sure symlink directory exist"
|
||||
mkdir -p "$(dirname "${RESULT_PATH}")"
|
||||
|
||||
echo "Fetching job output"
|
||||
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r .buildoutputs.out.path)"
|
||||
STORE_PATH="$(curl -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.${BUILD_OUTPUT}.path")"
|
||||
|
||||
echo "Copying path"
|
||||
nix copy --from "${NIX_STORE_URI}" "${STORE_PATH}"
|
||||
|
Loading…
Reference in New Issue
Block a user